Sunday, April 30, 2017

Scapy part 2: Custom Protocols and Packet Crafting


In part 1 of this series I covered how flexible Scapy can be out of the box. With sniffing, spoofing, and fuzzing ready to go, most people stop there. But there is still more to explore. In this post I discuss how packets are constructed and lay out the creation of a new type of Packet: a "Doorman Port Knocking Encrypted Packet" (DEPKP). This protocol hides services on a network behind a packet filter called the Doorman.

Wednesday, April 26, 2017

Scapy part 1: the Python packet Swiss army knife

Scapy is a Python module that lets you manipulate network packets in pretty much any conceivable way. Want to sniff SMTP and save credentials to a CSV? Sure, no problem. Want to fuzz some unknown UDP protocol? Scapy has you covered. Finally, my favorite: can't put a traditional sniffer on an exploited box? Scapy to the rescue! In this post I discuss this incredibly powerful library and demonstrate how you can use it to implement a highly functional packet capturing tool that can be used to bypass certain defensive measures.

Friday, April 7, 2017

Katas for Hackers: Sharpening your digital Martial Arts



The importance of Katas

In certain martial arts traditions there exist training forms known as katas. They are a detailed set of choreographed actions that you perform repeatedly. One of the purposes of performing these scripted movements is to train your body to react seamlessly in common patterns. Of course, you still need to be able to improvise. But enough cannot be said about the importance of drilling on the basics (and the not-so-basics). As my instructor puts it, "Flash may impress spectators, but fundamentals win fights."

Sunday, March 19, 2017

Hardened Attacks: Surviving OS rewrites using NVRAM storage

Reading through the recent WikiLeaks tool dump has yielded a great deal of post-exploitation material. While the drama continues to unfold around the exploit portion of the dump, I wanted to dive right into what is already known. A lot of the tools and methods were already public. However, just because something is old does not mean it is useless. The one thing of particular interest outside the better-known methods was the ability to survive OS rewrites on UEFI-enabled computers. This is one of the highest aspirations for any malware: the operating system can be wiped and reinstalled and the implant is still there, because it never lived on the disk. Let's take a look at how this can be achieved using hardware-level persistent storage known as Non-Volatile RAM (NVRAM), the firmware variable store that UEFI exposes to the OS.
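The defender's side of the same mechanism, as an added example that is not part of the original post or the leaked tooling: on Linux, UEFI variables are exposed under /sys/firmware/efi/efivars/ as files named "VariableName-VendorGUID", each holding a 4-byte little-endian attribute word followed by the variable data. A variable that is NON_VOLATILE and RUNTIME_ACCESS persists in the firmware store and is writable from a running OS, so a baseline of those under unfamiliar vendor GUIDs is where firmware-resident persistence would show up. The script below parses that format and applies a few triage heuristics. The sample entries are constructed (the "Persist" variable and its vendor GUID are made up for illustration); the known-GUID table and attribute bits come from the UEFI specification, and `scan_efivarfs()` is a hypothetical helper that walks a live mount.

```python
"""Triage UEFI NVRAM variables for persistence candidates.

Added example, not code from the original post. Parses entries in the
Linux efivarfs format (file name "Name-GUID", content = 4-byte little-endian
attribute word + data) and flags variables that could survive an OS reinstall.
"""
import struct
import uuid
from dataclasses import dataclass
from pathlib import Path

# UEFI variable attribute bits (UEFI spec, SetVariable()).
NON_VOLATILE = 0x01
BOOTSERVICE_ACCESS = 0x02
RUNTIME_ACCESS = 0x04
HARDWARE_ERROR_RECORD = 0x08
AUTHENTICATED_WRITE_ACCESS = 0x10
TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20
APPEND_WRITE = 0x40

ATTR_NAMES = {
    NON_VOLATILE: "NV",
    BOOTSERVICE_ACCESS: "BS",
    RUNTIME_ACCESS: "RT",
    HARDWARE_ERROR_RECORD: "HR",
    AUTHENTICATED_WRITE_ACCESS: "AW",
    TIME_BASED_AUTHENTICATED_WRITE_ACCESS: "TBAW",
    APPEND_WRITE: "APP",
}

# Vendor GUIDs every UEFI baseline is expected to contain (from the spec).
# Extend this with the OEM GUIDs seen on a known-clean machine of the same model.
KNOWN_VENDOR_GUIDS = {
    "8be4df61-93ca-11d2-aa0d-00e098032b8c": "EFI_GLOBAL_VARIABLE",
    "d719b2cb-3d3a-4596-a3bc-dad00e67656f": "EFI_IMAGE_SECURITY_DATABASE",
}


@dataclass
class EfiVar:
    name: str
    guid: str
    attributes: int
    data: bytes

    @property
    def attr_flags(self) -> list:
        """Human-readable attribute bits, in bit order."""
        return [n for bit, n in ATTR_NAMES.items() if self.attributes & bit]


def parse_efivar(filename: str, blob: bytes) -> EfiVar:
    """Split the "Name-GUID" file name and the 4-byte attribute header efivarfs prepends."""
    if len(blob) < 4:
        raise ValueError(f"{filename}: too short for an attribute header")
    guid = filename[-36:]
    uuid.UUID(guid)  # raises ValueError if the suffix is not a GUID
    name = filename[:-37]  # strip "-" + GUID
    (attributes,) = struct.unpack("<I", blob[:4])
    return EfiVar(name, guid.lower(), attributes, blob[4:])


def triage(var: EfiVar, known=KNOWN_VENDOR_GUIDS) -> list:
    """Return reasons this variable deserves a closer look; empty means benign by these heuristics."""
    reasons = []
    persistent = (var.attributes & NON_VOLATILE) and (var.attributes & RUNTIME_ACCESS)
    if persistent and var.guid not in known:
        reasons.append("NV+RT variable under an unknown vendor GUID")
    if var.data[:2] == b"MZ":  # an executable image stored in a variable is never normal
        reasons.append("data starts with a PE/COFF 'MZ' header")
    if len(var.data) > 4096:
        reasons.append(f"unusually large payload ({len(var.data)} bytes)")
    return reasons


def scan_efivarfs(root="/sys/firmware/efi/efivars"):
    """Hypothetical helper: walk a live efivarfs mount (Linux; some entries need root)."""
    findings = {}
    for path in Path(root).iterdir():
        try:
            var = parse_efivar(path.name, path.read_bytes())
        except (OSError, ValueError):
            continue
        if reasons := triage(var):
            findings[path.name] = reasons
    return findings


# Constructed sample entries (not real captures): a normal BootOrder, and a
# made-up implant-style variable under a made-up vendor GUID.
SAMPLE_VARS = {
    "BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c":
        struct.pack("<I", NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + b"\x00\x00\x01\x00",
    "Persist-0b0b0b0b-1111-2222-3333-444444444444":
        struct.pack("<I", NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + b"MZ" + b"\x00" * 64,
}


def scan_samples(samples=SAMPLE_VARS):
    """Run triage over the constructed samples (same shape as scan_efivarfs's result)."""
    return {fname: triage(parse_efivar(fname, blob)) for fname, blob in samples.items()}


if __name__ == "__main__":
    for fname, reasons in scan_samples().items():
        print(fname, "->", reasons or "ok")
```

The heuristics are deliberately loose: OEM firmware ships plenty of legitimate NV+RT variables under its own GUIDs, so the useful workflow is to diff the output against a baseline taken from a known-clean machine of the same model rather than to treat every unknown GUID as hostile.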

Sunday, January 8, 2017

New Year, New Presentation and Marble Horsehide


I am very pleased to announce that on February 4th I will be presenting at Security BSides Seattle again. I am excited that they have accepted my new presentation, because this topic was a fun one to work on!